You can translate the content of this page by selecting a language in the select box.
Almost 4.57 billion people were active internet users as of July 2020, encompassing 59 percent of the global population. 94% of enterprises use cloud. 77% of organizations worldwide have at least one application running on the cloud. This results in an exponential growth of cyber attacks. Therefore, CyberSecurity is one the biggest challenge to individuals and organizations worldwide: 158,727 cyber attacks per hour, 2,645 per minute and 44 every second of every day.
In this blog, we cover the Top 25 AWS Certified Security Specialty Questions and Answers Dumps and all latest and relevant information about CyberSecurity including:
- CyberSecurity Key Terms
- CyberSecurity Certification Roadmap
- Hacking Tools Cheat Sheet
- Wireshark Cheat Sheet
- CyberSecurity Top Posts on Reddit
- Best CyberSecurity Books
- Best CyberSecurity Online Training
- Best CyberSecurity Courses
- Best CyberSecurity Podcasts
- Best Cybersecurity Youtube Channels
- CyberSecurity Jobs
- CyberSecurity Cheat Sheets
- How SSl Certificates Works
- Penetration Testing Terms
- CyberSecurity Post COVID-19
- CyberSecurity Questions and Answers
- What are the best ways to protect yourself on the internet?
- Who are the notable hackers
- History of RansomWare
I- The AWS Certified Security – Specialty (SCS-C01) examination is intended for individuals who perform a security role. This exam validates an examinee’s ability to effectively demonstrate knowledge about securing the AWS platform.
It validates an examinee’s ability to demonstrate:
An understanding of specialized data classifications and AWS data protection mechanisms.
An understanding of data-encryption methods and AWS mechanisms to implement them.
An understanding of secure Internet protocols and AWS mechanisms to implement them.
A working knowledge of AWS security services and features of services to provide a secure production environment.
Competency gained from two or more years of production deployment experience using AWS security services and features.
The ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements.
An understanding of security operations and risks.
Below are the Top 25 AWS Certified Security Specialty Questions and Answers Dumps including Notes, Hint and References:
Question 1: When requested through an STS API call, credentials are returned with what three components?
If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLFC01 book below.
Reference1: Security Token, Access Key ID, Secret Access Key
Question 2: A company has AWS workloads in multiple geographical locations. A Developer has created an Amazon Aurora database in the us-west-1 Region. The database is encrypted using a customer-managed AWS KMS key. Now the Developer wants to create the same encrypted database in the us-east-1 Region. Which approach should the Developer take to accomplish this task?
With average increases in salary of over 25% for certified individuals, you’re going to be in a much better position to secure your dream job or promotion if you earn your AWS Certified Solutions Architect Associate our Cloud Practitioner certification. Get the books below to for real practice exams:Use the promo codes: W6XM9XP4TWN9 or T6K9P4J9JPPR or 9LWMYKJ7TWPN or TN4NTERJYHY4 for AWS CCP eBook at Apple iBook store.
Use Promo Codes XKPHAATA6LRL 4XJRP9XLT9XL or LTFFY6JA33EL or HKRMTMTHFMAM or 4XHAFTWT4FN6 for AWS SAA-C03 eBook at Apple iBook store
Use Promo Codes EF46PT44LXPN or L6L9R9LKEFFR or TWELPA4JFJWM for Azure Fundamentals eBook at Apple iBook store.
Question 3: A corporate cloud security policy states that communication between the company’s VPC and KMS must travel entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST satisfies this requirement? (Select TWO.)
We know you like your hobbies and especially coding, We do too, but you should find time to build the skills that’ll drive your career into Six Figures. Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career. 85% of hiring managers say cloud certifications make a candidate more attractive. Start your cloud journey with these excellent books below:
Reference3: AWS KMS
Question 4: An application team is designing a solution with two applications. The security team wants the applications’ logs to be captured in two different places, because one of the applications produces logs with sensitive data. Which solution meets the requirement with the LEAST risk and effort?
Reference4: Amazon CloudWatch Logs log group.
Question 5: A security engineer must set up security group rules for a three-tier application:
- Presentation tier – Accessed by users over the web, protected by the security group presentation-sg
- Logic tier – RESTful API accessed from the presentation tier through HTTPS, protected by the security group logic-sg
- Data tier – SQL Server database accessed over port 1433 from the logic tier, protected by the security group data-sg
Reference5: n-tier architecture
Question 6: A security engineer is working with a product team building a web application on AWS. The application uses Amazon S3 to host the static content, Amazon API Gateway to provide RESTful services, and Amazon DynamoDB as the backend data store. The users already exist in a directory that is exposed through a SAML identity provider. Which combination of the following actions should the engineer take to enable users to be authenticated into the web application and call APIs? (Select THREE).
Question 7: A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A security engineer has written the following bucket policy to grant public read access:
Reference7: IAM Policy – Access to S3 bucket
Question 8: A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database. Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)
Question 9: A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture:
- Data must be encrypted in transit.
- Data must be encrypted at rest.
- The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
Question 10: A security engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way?
Reference10: lifecycle policies
Question 11: A security engineer has been informed that a user’s access key has been found on GitHub. The engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities. Which steps must be taken to perform these tasks?
Reference11: malicious activities
Question 12: You have a CloudFront
B) The ‘*’ path
Question 13: An application running
Question 14: An organization is
Question 15: From a security
Question 16: A company is storing an
Reference16: IAM Roles for EC2
Question 17: While signing in REST/
Reference17: Rest API
Question 18: You are using AWS
Question 19: Your company has
Reference19: About Web Identity Federation
Question 20: Your application
Reference20: Cognito Streams
Reference21: AWS Key
Question 22: Which of the following
Reference23: Envelope encryption
Question 24: Which command can you
Question 25: If an EC2 instance uses an instance role, key rotation is automatic and handled by __.
CYBERSECURITY KEY TERMS
- Cryptography: Practice and study of techniques for secure communication in the presence of third parties called adversaries.
- Hacking: catch-all term for any type of misuse of a computer to break the security of another computing system to steal data, corrupt systems or files, commandeer the environment or disrupt data-related activities in any way.
- Cyberwarfare: Uuse of technology to attack a nation, causing comparable harm to actual warfare. There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists
- Penetration testing: Colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.
- Malwares: Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
- VPN: A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, although not an inherent, part of a VPN connection.
- DDos: A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack.
- Fraud Detection: Set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.
- Spywares: Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user; for example by violating their privacy or endangering their device’s security.
- Spoofing: Disguising a communication from an unknown source as being from a known, trusted source
- Pharming: Malicious websites that look legitimate and are used to gather usernames and passwords.
- Catfishing: Creating a fake profile for fraudulent or deceptive purposes
- SSL: Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
- Phishing emails: Disguised as trustworthy entity to lure someone into providing sensitive information
- Intrusion detection System: Device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
- Encryption: Encryption is the method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.
- MFA: Multi-factor authentication (MFA) is defined as a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. In IT, these credentials take the form of passwords, hardware tokens, numerical codes, biometrics, time, and location.
- Vulnerabilities: A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.
- SQL injections: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
- Cyber attacks: In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
- Confidentiality: Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.
- Secure channel: In cryptography, a secure channel is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing, but not necessarily resistant to tampering.
- Tunneling: Communications protocol that allows for the movement of data from one network to another. It involves allowing private network communications to be sent across a public network through a process called encapsulation.
- SSH: Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
- SSL Certificates: SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information.
- Phishing: Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
- Cybercrime: Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.
- Backdoor: A backdoor is a means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
- Salt and Hash: A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate rainbow table attacks by forcing attackers to re-compute them using the salts.
- Password: A password, sometimes called a passcode, is a memorized secret, typically a string of characters, usually used to confirm the identity of a user. Using the terminology of the NIST Digital Identity Guidelines, the secret is memorized by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant’s identity.
- Fingerprint: A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfaces such as glass or metal.
- Facial recognition: Facial recognition works better for a person as compared to fingerprint detection. It releases the person from the hassle of moving their thumb or index finger to a particular place on their mobile phone. A user would just have to bring their phone in level with their eye.
- Asymmetric key ciphers versus symmetric key ciphers (Difference between symmetric and Asymmetric encryption): The basic difference between these two types of encryption is that symmetric encryption uses one key for both encryption and decryption, and the asymmetric encryption uses public key for encryption and a private key for decryption.
- Decryption: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.
- Algorithms: Finite sequence of well-defined, computer-implementable instructions, typically to solve a class of problems or to perform a computation.
- Authentication: is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing’s identity, authentication is the process of verifying that identity. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product or document is not counterfeit.
- DFIR: Digital forensic and incident response: Multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, an kinds of targets. We’ll discuss those more below.
- OTP: One Time Password: A one-time password, also known as one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device
- Proxy Server and Reverse Proxy Server:A proxy server is a go‑between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server.
LATEST CYBER SECURITY NEWS
WireShark Cheat Sheet
Top CyberSecurity All Time Posts
Show All Around Defender Primers
- Linux CLI 101 https://wiki.sans.blue/Tools/pdfs/LinuxCLI101.pdf
- Linux CLI https://wiki.sans.blue/Tools/pdfs/LinuxCLI.pdf
- PowerShell Primer https://wiki.sans.blue/Tools/pdfs/PowerShell.pdf
- PowerShell Get-WinEvent https://wiki.sans.blue/Tools/pdfs/Get-WinEvent.pdf
Show Offensive * Exploit Database
Offensive * Exploit Database – The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. https://www.exploit-db.com/
- Krebs On Security In depth security news and investigation https://krebsonsecurity.com/
- Dark Reading Cyber security’s comprehensive news site is now an online community for security professionals. https://www.darkreading.com/
- The Hacker News – The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts. https://thehackernews.com
- SecuriTeam – A free and independent source of vulnerability information. https://securiteam.com/
- SANS NewsBites – “A semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.” Published for free on Tuesdays and Fridays. https://www.sans.org/newsletters/newsbites
CYBERSECURITY YOUTUBE CHANNELS
This list was originally forked/curated from here: https://wportal.xyz/collection/cybersec-yt1 on (7/29/2020) Attribution and appreciation to d4rckh
- Djamga Technology
- SimplyCyber Weekly vids, Simply Cyber brings Information security related content to help IT or Information Security professionals take their career further, faster. Current cyber security industry topics and techniques are explored to promote a career in the field. Topics cover offense, defense, governance, risk, compliance, privacy, education, certification, conferences; all with the intent of professional development. https://www.youtube.com/c/GeraldAuger
- IPPSec https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- Tradecraft Security Weekly – Want to learn about all of the latest security tools and techniques? https://wiki.securityweekly.com/Tradecraft_Security_Weekly
- Derek Rook – CTF/Boot2root/wargames Walkthrough – lots of lengthy screenshot instructional vids https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
- Adrian Crenshaw – lots of lengthy con-style talks https://www.youtube.com/user/irongeek
- LionSec – lots of brief screenshot instructional vids, no dialog https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow
- Zer0Mem0ry – lots of brief c++ security videos, programming intensive https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA
- webpwnized – lots of brief screenshot vids, some CTF walkthroughs https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg
- Waleed Jutt – lots of brief screenshot vids covering web security and game programming https://www.youtube.com/channel/UCeN7cOELsyMHrzfMsJUgv3Q
- Troy Hunt – lone youtuber, medium length news videos, 16K followers, regular content https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ
- Tradecraft Security Weekly – Want to learn about all of the latest security tools and techniques?https://wiki.securityweekly.com/Tradecraft_Security_Weekly
- SSTec Tutorials – lots of brief screenshot vids, regular updates https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg
- Shozab Haxor – lots of screenshot style instructional vids, regular updates, windows CLI tutorial https://www.youtube.com/channel/UCBwub2kRoercWQJ2mw82h3A
- Seytonic – variety of DIY hacking tutorials, hardware hacks, regular updates https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA
- Security Weekly – regular updates, lengthy podcast-style interviews with industry pros https://www.youtube.com/channel/UCg–XBjJ50a9tUhTKXVPiqg
- SecureNinjaTV – brief news bites, irregular posting, 18K followers https://www.youtube.com/channel/UCNxfV4yR0nIlhFmfwcdf3BQ
- Samy Kamkar’s Applied hacking https://www.youtube.com/user/s4myk
- rwbnetsec – lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. https://www.youtube.com/channel/UCAJ8Clc3188ek9T_5XTVzZQ
- Penetration Testing in Linux https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA
- Pentester Academy TV – lots of brief videos, very regular posting, up to +8 a week https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA
- Open SecurityTraining – lots of lengthy lecture-style vids, no recent posts, but quality info. https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg
- NetSecNow – channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids https://www.youtube.com/channel/UC6J_GnSAi7F2hY4RmnMcWJw
- Metasploitation – lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg
- LiveOverflow – Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts. https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- LionSec – lots of brief screenshot instructional vids, no dialog https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow
- Latest Hacking News 10K followers, medium length screenshot videos, no recent releases https://www.youtube.com/user/thefieldhouse/feed
- John Hammond – Solves CTF problems. contains penTesting tips and tricks https://www.youtube.com/user/RootOfTheNull
- JackkTutorials – lots of medium length instructional vids with some AskMe vids from the youtuber https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA
- iExplo1t – lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts https://www.youtube.com/channel/UCx0HClQ_cv0sLNOVhoO2nxg/videos
- HACKING TUTORIALS – handful of brief screenshot vids, no recent posts. https://www.youtube.com/channel/UCbsn2kQwNxcIzHwbdDjzehA
- HackerSploit – regular posts, medium length screenshot vids, with dialog https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
- GynvaelEN – Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things. https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
- Geeks Fort – KIF – lots of brief screenshot vids, no recent posts https://www.youtube.com/channel/UC09NdTL2hkThGLSab8chJMw
- Error 404 Cyber News – short screen-shot videos with loud metal, no dialog, bi-weekly https://www.youtube.com/channel/UC4HcNHFKshqj-aeyi6imW7Q
- Don Does 30 – amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g
- Derek Rook – CTF/Boot2root/wargames Walkthrough – lots of lengthy screenshot instructional vids, https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
- DemmSec – lots of pen testing vids, somewhat irregular uploads, 44K followers https://www.youtube.com/channel/UCJItQmwUrcW4VdUqWaRUNIg
- DEFCON Conference – lots of lengthy con-style vids from the iconical DEFCON https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw
- DedSec – lots of brief screenshot how-to vids based in Kali, no recent posts. https://www.youtube.com/channel/UCx34ZZW2KgezfUPPeL6m8Dw
- danooct1 – lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followers https://www.youtube.com/channel/UCqbkm47qBxDj-P3lI9voIAw
- BalCCon – Balkan Computer Congress – Long con-style talks from the Balkan Computer Congress, doesn’t update regularlyhttps://www.youtube.com/channel/UCoHypmu8rxlB5Axh5JxFZsA
- Corey Nachreiner – security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule https://www.youtube.com/channel/UC7dUL0FbVPGqzdb2HtWw3Xg
- Adrian Crenshaw – lots of lengthy con-style talks https://www.youtube.com/user/irongeek
- 0x41414141 – Channel with couple challenges, well explained https://www.youtube.com/channel/UCPqes566OZ3G_fjxL6BngRQ
- HackADay – Hackaday serves up Fresh Hacks Every Day from around the Internet. https://hackaday.com/
- TheCyberMentor – Heath Adams uploads regular videos related to various facets of cyber security, from bug bounty hunts to specific pentest methodologies like API, buffer overflows, networking. https://www.youtube.com/c/TheCyberMentor/
- Grant Collins – Grant uploads videos regarding breaking into cybersecurity, various cybersecurity projects, building up a home lab amongst many others. Also has a companion discord channel and a resource website. https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA/featured
- Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
- Pauls Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
- Security Now – Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
- Daily Information Security Podcast (“StormCast”) Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
- ShadowTalk Threat Intelligence Podcast by Digital Shadow_. The weekly podcast highlights key findings of primary-source research our Intelligence Team is conducting, along with guest speakers discussing the latest threat actors, campaigns, security events and industry news. https://resources.digitalshadows.com/threat-intelligence-podcast-shadowtalk
- Don’t Panic – The Unit 42 Podcast Don’t Panic! is the official podcast from Unit 42 at Palo Alto Networks. We find the big issues that are frustrating cyber security practitioners and help simplify them so they don’t need to panic. https://unit42.libsyn.com/
- Recorded Future Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. https://www.recordedfuture.com/resources/podcast/
- The Cybrary Podcast Listen in to the Cybrary Podcast where we discuss a range topics from DevSecOps and Ransomware attacks to diversity and how to retain of talent. Entrepreneurs at all stages of their startup companies join us to share their stories and experience, including how to get funding, hiring the best talent, driving sales, and choosing where to base your business. https://www.cybrary.it/info/cybrary-podcast/
- Cyber Life The Cyber Life podcast is for cyber security (InfoSec) professionals, people trying to break into the industry, or business owners looking to learn how to secure their data. We will talk about many things, like how to get jobs, cover breakdowns of hot topics, and have special guest interviews with the men and women “in the trenches” of the industry. https://redcircle.com/shows/cyber-life
- Career Notes Cybersecurity professionals share their personal career journeys and offer tips and advice in this brief, weekly podcast from The CyberWire. https://www.thecyberwire.com/podcasts/career-notes
Below podcasts Added from here: https://infosec-conferences.com/cybersecurity-podcasts/
- Down the Security Rabbithole http://podcast.wh1t3rabbit.net/ Down the Security Rabbithole is hosted by Rafal Los and James Jardine who discuss, by means of interviewing or news analysis, everything about Cybersecurity which includes Cybercrime, Cyber Law, Cyber Risk, Enterprise Risk & Security and many more. If you want to hear issues that are relevant to your organization, subscribe and tune-in to this podcast.
- The Privacy, Security, & OSINT Show https://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330 The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn some ideas on how to stay secure from cyber-attacks and help them become “digitally invisible”.
- Defensive Security Podcast https://defensivesecurity.org/ Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcasts aims to look/discuss the latest security news happening around the world and pick out the lessons that can be applied to keeping organizations secured. As of today, they have more than 200 episodes and some of the topics discussed include Forensics, Penetration Testing, Incident Response, Malware Analysis, Vulnerabilities and many more.
- Darknet Diaries https://darknetdiaries.com/episode/ Darknet Diaries Podcast is hosted and produced by Jack Rhysider that discuss topics related to information security. It also features some true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their souvenirs here (https://shop.darknetdiaries.com/).
- Brakeing Down Security https://www.brakeingsecurity.com/ Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the Cybersecurity world, Compliance, Privacy, and Regulatory issues that arise in today’s organizations. The hosts will teach concepts that Information Security Professionals need to know and discuss topics that will refresh the memories of seasoned veterans.
- Open Source Security Podcast https://www.opensourcesecuritypodcast.com/ Open Source Security Podcast is a podcast that discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Siefried. As of this writing, they now posted around 190+ podcasts
- Cyber Motherboard https://podcasts.apple.com/us/podcast/cyber/id1441708044 Ben Makuch is the host of the podcast CYBER and weekly talks to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers about the biggest news in cybersecurity. The Cyber- stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to.
- Hak5 https://shop.hak5.org/pages/videos Hak5 is a brand that is created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about security networks.
- Threatpost Podcast Series https://threatpost.com/category/podcasts/ Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. With an award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, with their global editorial activities are driven by industry-leading journalist Tom Spring, editor-in-chief.
- CISO-Security Vendor Relationship Podcast https://cisoseries.com Co-hosted by the creator of the CISO/Security Vendor Relationship Series, David Spark, and Mike Johnson, in 30 minutes, this weekly program challenges the co-hosts, guests, and listeners to critique, share true stories. This podcast, The CISO/Security Vendor Relationship, targets to enlighten and educate listeners on improving security buyer and seller relationships.
- Getting Into Infosec Podcast Stories of how Infosec and Cybersecurity pros got jobs in the field so you can be inspired, motivated, and educated on your journey. – https://gettingintoinfosec.com/
- Unsupervised Learning Weekly podcasts and biweekly newsletters as a curated summary intersection of security, technology, and humans, or a standalone idea to provoke thought, by Daniel Miessler. https://danielmiessler.com/podcast/
- Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O’Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://landing.google.com/sre/books/
- Security Engineering By Ross Anderson – A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
- The Cyber Skill Gap By Vagner Nunes – The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
- The Beginner’s Guide to Information Security By Limor Elbaz – Offers insight and resources to help readers embark on a career in one of the 21st century’s most important—and potentially lucrative—fields. https://www.amazon.com/Beginners-Guide-Information-Security-Kickstart-ebook/dp/B01JTDDSAM
- Free Springer Textbooks Valid at least through July, Springer is providing free access to several hundred titles in its eBook collection. Books are available via SpringerLink and can be viewed online or downloaded as PDF or EBUP files. Disciplines include computer science, networking, cryptography, digital forensics, and others. https://link.springer.com/search/page/1?facet-content-type=%22Book%22&package=mat-covid19_textbooks&facet-language=%22En%22&sortOrder=newestFirst&showAll=true
- Texas A&M Security Courses The web-based courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power the global economy remain intact and secure. The web-based courses are offered through three discipline-specific tracks: general, non-technical computer users; technical IT professionals; and business managers and professionals. https://teex.org/program/dhs-cybersecurity/
- WebSecurity Academy Free online web security training from the creators of Burp Suite https://portswigger.net/web-security
- Mosse Cyber Security Institute Introduction to cybersecurity free certification with 100+ hours of training, no expiry/renewals, https://www.mosse-institute.com/certifications/mics-introduction-to-cyber-security.html
- BugCrowd University Free bug hunting resources and methodologies in form of webinars, education and training. https://www.bugcrowd.com/hackers/bugcrowd-university/
- Certified Network Security Specialist Certification and training; Expires Aug 31 2020 Use coupon code #StaySafeHome during checkout to claim your free access. Offer is valid till 31/08/2020. £500.00 Value https://www.icsi.co.uk/courses/icsi-cnss-certified-network-security-specialist-covid-19
- Metasploit Unleashed Most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. https://www.offensive-security.com/metasploit-unleashed/
- AWS Cloud Certified Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE Have to create an AWS account, Exam is $100.
- SANS Faculty Free Tools List of OSS developed by SANS staff. https://www.sans.org/media/free/free-faculty-tools.pdf?msc=sans-free-lp
- “Using ATT&CK for Cyber Threat Intelligence Training” – 4 hour training The goal of this training is for students to understand the following: at: https://attack.mitre.org/resources/training/cti/
- Coursera -“Coursera Together: Free online learning during COVID-19” Lots of different types of free training. https://blog.coursera.org/coursera-together-free-online-learning-during-covid-19/
- Fortinet Security Appliance Training Free access to the FortiGate Essentials Training Course and Network Security Expert courses 1 and 2 https://www.fortinet.com/training/cybersecurity-professionals.html
- Chief Information Security Officer (CISO) Workshop Training – The Chief Information Security Office (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. – https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
- CLARK Center Plan C – Free cybersecurity curriculum that is primarily video-based or provide online assignments that can be easily integrated into a virtual learning environments https://clark.center/home
- Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
- Hacker101 – Free classes for web security – https://www.hacker101.com/
- ElasticStack – Free on-demand Elastic Stack, observability, and security courses. https://training.elastic.co/learn-from-home
- Hoppers Roppers – Community built around a series of free courses that provide training to beginners in the security field. https://www.hoppersroppers.org/training.html
- IBM Security Learning Academy Free technical training for IBM Security products. https://www.securitylearningacademy.com/
- M.E. Kabay Free industry courses and course materials for students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
- Open P-TECH Free digital learning on the tech skills of tomorrow. https://www.ptech.org/open-p-tech/
- Udemy – Online learning course platform “collection from the free courses in our learning marketplace” https://www.udemy.com/courses/free/
- Enroll Now Free: PCAP Programming Essentials in Python https://www.netacad.com/courses/programming/pcap-programming-essentials-python Python is the very versatile, object-oriented programming language used by startups and tech giants, Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in Security, Networking and Internet-of-Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python programming. No prior knowledge of programming is required.
- Packt Web Development Course Web Development Get to grips with the fundamentals of the modern web Unlock one year of free online access. https://courses.packtpub.com/pages/free?fbclid=IwAR1FtKQcYK8ycCmBMXaBGvW_7SgPVDMKMaRVwXYcSbiwvMfp75gazxRZlzY
- Stanford University Webinar – Hacked! Security Lessons from Big Name Breaches 50 minute cyber lecture from Stanford.You Will Learn: — The root cause of key breaches and how to prevent them; How to measure your organization’s external security posture; How the attacker lifecycle should influence the way you allocate resources https://www.youtube.com/watch?v=V9agUAz0DwI
- Stanford University Webinar – Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
- Kill Chain: The Cyber War on America’s Elections (Documentary) (Referenced at GRIMMCON), In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
- Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
- Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
- Pluralsight and Microsoft Partnership to help you become an expert in Azure. With skill assessments and over 200+ courses, 40+ Skill IQs and 8 Role IQs, you can focus your time on understanding your strengths and skill gaps and learn Azure as quickly as possible.https://www.pluralsight.com/partners/microsoft/azure
- Blackhat Webcast Series Monthly webcast of varying cyber topics. I will post specific ones in the training section below sometimes, but this is worth bookmarking and checking back. They always have top tier speakers on relevant, current topics. https://www.blackhat.com/html/webcast/webcast-home.html
- Federal Virtual Training Environment – US Govt sponsored free courses. There are 6 available, no login required. They are 101 Coding for the Public, 101 Critical Infrastructure Protection for the Public, Cryptocurrency for Law Enforcement for the Public, Cyber Supply Chain Risk Management for the Public, 101 Reverse Engineering for the Public, Fundamentals of Cyber Risk Management. https://fedvte.usalearning.gov/public_fedvte.php
- Harrisburg University CyberSecurity Collection of 18 curated talks. Scroll down to CYBER SECURITY section. You will see there are 4 categories Resource Sharing, Tools & Techniques, Red Team (Offensive Security) and Blue Teaming (Defensive Security). Lot of content in here; something for everyone. https://professionaled.harrisburgu.edu/online-content/
- OnRamp 101-Level ICS Security Workshop Starts this 4/28. 10 videos, Q&A / discussion, bonus audio, great links. Get up to speed fast on ICS security. It runs for 5 weeks. 2 videos per week. Then we keep it open for another 3 weeks for 8 in total. https://onramp-3.s4xevents.com
- HackXOR WebApp CTF Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I’ve personally found while doing pentests, bug bounty hunting, and research. https://hackxor.net/
- Suricata Training 5-part training module using a simulation as a backdrop to teach how to use Suricata. https://rangeforce.com/resource/suricata-challenge-reg/
- flAWS System Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). Multiple levels, “Buckets” of fun. http://flaws.cloud/
- Stanford CS 253 Web Security A free course from Stanford providing a comprehensive overview of web security. The course begins with an introduction to the fundamentals of web security and proceeds to discuss the most common methods for web attacks and their countermeasures. The course includes video lectures, slides, and links to online reading assignments. https://web.stanford.edu/class/cs253
- Linux Journey A free, handy guide for learning Linux. Coverage begins with the fundamentals of command line navigation and basic text manipulation. It then extends to more advanced topics, such as file systems and networking. The site is well organized and includes many examples along with code snippets. Exercises and quizzes are provided as well. https://linuxjourney.com
- Ryan’s Tutorials A collection of free, introductory tutorials on several technology topics including: Linux command line, Bash scripting, creating and styling webpages with HTML and CSS, counting and converting between different number systems, and writing regular expressions. https://ryanstutorials.net
- The Ultimate List of SANS Cheat Sheets Massive collection of free cybersecurity cheat sheets for quick reference (login with free SANS account required for some penetration testing resources). https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- CYBER INTELLIGENCE ANALYTICS AND OPERATIONS Learn:The ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. How to employ threat intelligence to conduct comprehensive defense strategies to mitigate potential compromise. How to use TI to respond to and minimize impact of cyber incidents. How to generate comprehensive and actionable reports to communicate gaps in defenses and intelligence findings to decision makers. https://www.shadowscape.io/cyber-intelligence-analytics-operat
- Linux Command Line for Beginners 25 hours of training – In this course, you’ll learn from one of Fullstack’s top instructors, Corey Greenwald, as he guides you through learning the basics of the command line through short, digestible video lectures. Then you’ll use Fullstack’s CyberLab platform to hone your new technical skills while working through a Capture the Flag game, a special kind of cybersecurity game designed to challenge participants to solve computer security problems by solving puzzles. Finally, through a list of carefully curated resources through a series of curated resources, we’ll introduce you to some important cybersecurity topics so that you can understand some of the common language, concepts and tools used in the industry. https://prep.fullstackacademy.com/
- Hacking 101 6 hours of free training – First, you’ll take a tour of the world and watch videos of hackers in action across various platforms (including computers, smartphones, and the power grid). You may be shocked to learn what techniques the good guys are using to fight the bad guys (and which side is winning). Then you’ll learn what it’s like to work in this world, as we show you the different career paths open to you and the (significant) income you could make as a cybersecurity professional. https://cyber.fullstackacademy.com/prepare/hacking-101
- Choose Your Own Cyber Adventure Series: Entry Level Cyber Jobs Explained YouTube Playlist (videos from my channel #simplyCyber) This playlist is a collection of various roles within the information security field, mostly entry level, so folks can understand what different opportunities are out there. https://www.youtube.com/playlist?list=PL4Q-ttyNIRAqog96mt8C8lKWzTjW6f38F
- NETINSTRUCT.COM Free Cybersecurity, IT and Leadership Courses – Includes OS and networking basics. Critical to any Cyber job. https://netinstruct.com/courses
- HackerSploit – HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. https://hackersploit.org/
- Resources for getting started (Free and Paid)Practice
- DetectionLab (Free)
- LetsDefend.io (Free/Paid)
- DetectionLabELK (Free)
- malware-traffic-analysis (Free)
- Practical Packet Analysis (Book) Chris Sanders
- Logging and Log Management by Anton A. Chuvakin , Kevin J. Schmidt (Book)
- Sigma (Tool)
- SysmonSearch (Tool)
- Applied Network Security Monitoring: Collection, Detection, and Analysis (Book)
- Open Security Training
- SANS Reading Room
- Security Onion
- The Appliance for Digital Investigation and Analysis (ADIA) https://forensics.cert.org/#ADIA
- SANS Investigative Forensic Toolkit (SIFT) Workstation
Memory Analysis Tools
- FOR578: Cyber Threat Intelligence (Paid)
- SEC511: Continuous Monitoring & Security Operations (Paid)
- SEC445: SIEM Design & Implementation (Paid)
- AEGIS Certification (Paid)
CYBERSECURITY COURSES: (Multi-week w/Enrollment)
- Computer Science courses with video lectures Intent of this list is to act as Online bookmarks/lookup table for freely available online video courses. Focus would be to keep the list concise so that it is easy to browse. It would be easier to skim through 15 page list, find the course and start learning than having to read 60 pages of text. If you are student or from non-CS background, please try few courses to decide for yourself as to which course suits your learning curve best. https://github.com/Developer-Y/cs-video-courses?utm_campaign=meetedgar&utm_medium=social&utm_source=meetedgar.com
- Cryptography I -offered by Stanford University – Rolling enrollment – Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. https://www.coursera.org/learn/crypto
- Software Security Rolling enrollment -offered by University of Maryland, College Park via Coursera – This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. https://www.coursera.org/learn/software-security
- Intro to Information Security Georgia Institute of Technology via Udacity – Rolling Enrollment. This course provides a one-semester overview of information security. It is designed to help students with prior computer and programming knowledge — both undergraduate and graduate — understand this important priority in society today. Offered at Georgia Tech as CS 6035 https://www.udacity.com/course/intro-to-information-security–ud459
- Cyber-Physical Systems Security Georgia Institute of Technology via Udacity – This course provides an introduction to security issues relating to various cyber-physical systems including industrial control systems and those considered critical infrastructure systems. 16 week course – Offered at Georgia Tech as CS 8803 https://www.udacity.com/course/cyber-physical-systems-security–ud279
- Finding Your Cybersecurity Career Path – University of Washington via edX – 4 weeks long – self paced – In this course, you will focus on the pathways to cybersecurity career success. You will determine your own incoming skills, talent, and deep interests to apply toward a meaningful and informed exploration of 32 Digital Pathways of Cybersecurity. https://www.edx.org/course/finding-your-cybersecurity-career-path
- Building a Cybersecurity Toolkit – University of Washington via edX – 4 weeks self-paced The purpose of this course is to give learners insight into these type of characteristics and skills needed for cybersecurity jobs and to provide a realistic outlook on what they really need to add to their “toolkits” – a set of skills that is constantly evolving, not all technical, but fundamentally rooted in problem-solving. https://www.edx.org/course/building-a-cybersecurity-toolkit
- Cybersecurity: The CISO’s View – University of Washington via edX – 4 weeks long self-paced – This course delves into the role that the CISO plays in cybersecurity operations. Throughout the lessons, learners will explore answers to the following questions: How does cybersecurity work across industries? What is the professionals’ point of view? How do we keep information secure https://www.edx.org/course/cybersecurity-the-cisos-view
- Introduction to Cybersecurity – University of Washington via edX – In this course, you will gain an overview of the cybersecurity landscape as well as national (USA) and international perspectives on the field. We will cover the legal environment that impacts cybersecurity as well as predominant threat actors. – https://www.edx.org/course/introduction-to-cybersecurity
- Cyber Attack Countermeasures New York University (NYU) via Coursera – This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema. – https://www.coursera.org/learn/cyber-attack-countermeasures
- Introduction to Cyber Attacks New York University (NYU) via Coursera – This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. https://www.coursera.org/learn/intro-cyber-attacks
- Enterprise and Infrastructure Security New York University (NYU) via Coursera – This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. https://www.coursera.org/learn/enterprise-infrastructure-security
- Network Security Georgia Institute of Technology via Udacity – This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas. – https://www.udacity.com/course/network-security–ud199
- Real-Time Cyber Threat Detection and Mitigation – New York University (NYU) via Coursera This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. https://www.coursera.org/learn/real-time-cyber-threat-detection
CYBERSECURITY Cheat sheets
- Privilege-Escalation: This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples. https://github.com/Ignitetechnologies/Privilege-Escalation
- Malware analysis tools and resources. https://github.com/rshipp/awesome-malware-analysis
- Analyzing Malicious Documents Cheat Sheet https://zeltser.com/analyzing-malicious-documents/
- ReverseEngineering Cheat Sheet https://www.cybrary.it/wp-content/uploads/2017/11/cheat-sheet-reverse-v6.png
- SQL Injection | Various DBs http://pentestmonkey.net/category/cheat-sheet/sql-injection
- Nmap Cheat Sheet and Pro Tips https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
- PENTESTING LocalFileInclude Cheat Sheet https://highon.coffee/blog/lfi-cheat-sheet/
- Penetration Testing Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
- Reverse Shell Cheat Sheet https://highon.coffee/blog/reverse-shell-cheat-sheet/
- nbtscan Cheat Sheet https://highon.coffee/blog/nbtscan-cheat-sheet/
- Linux Commands Cheat Sheet https://highon.coffee/blog/linux-commands-cheat-sheet/
- Kali Linux Cheat Sheet https://i.redd.it/9bu827i9tr751.jpg
- Hacking Tools Cheat Sheet (Diff tools) https://i.redd.it/fviaw8s43q851.jpg
- Google Search Operators: The Complete List (42 Advanced Operators) https://ahrefs.com/blog/google-advanced-search-operators/
- (Multiple) (Good) Cheat Sheets – Imgur https://imgur.com/gallery/U5jqgik
- Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- Shodan Query Filters https://github.com/JavierOlmedo/shodan-filters
- Getting Real with XSS – A reference on the new technquies to XSS https://labs.f-secure.com/blog/getting-real-with-xss/
SANS Massive List of Cheat Sheets Curated from here: https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
General IT Security * Windows and Linux Terminals & Command Lines https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltea7de5267932e94b/5eb08aafcf88d36e47cf0644/Cheatsheet_SEC301-401_R7.pdf
- TCP/IP and tcpdump https://www.sans.org/security-resources/tcpip.pdf?msc=Cheat+Sheet+Blog
- IPv6 Pocket Guide https://www.sans.org/security-resources/ipv6_tcpip_pocketguide.pdf?msc=Cheat+Sheet+Blog
- Powershell Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf146e4f361db3938/5e34a7bc946d717e2eab6139/power-shell-cheat-sheet-v41.pdf
- Writing Tips for IT Professionals https://zeltser.com/writing-tips-for-it-professionals/
- Tips for Creating and Managing New IT Products https://zeltser.com/new-product-management-tips/
- Tips for Getting the Right IT Job https://zeltser.com/getting-the-right-it-job-tips/
- Tips for Creating a Strong Cybersecurity Assessment Report https://zeltser.com/security-assessment-report-cheat-sheet/
- Critical Log Review Checklist for Security Incidents https://zeltser.com/security-incident-log-review-checklist/
- Security Architecture Cheat Sheet for Internet Applications https://zeltser.com/security-architecture-cheat-sheet/
- Tips for Troubleshooting Human Communications https://zeltser.com/human-communications-cheat-sheet/
- Security Incident Survey Cheat Sheet for Server Administrators https://zeltser.com/security-incident-survey-cheat-sheet/
- Network DDoS Incident Response Cheat Sheet https://zeltser.com/ddos-incident-cheat-sheet/
- Information Security Assessment RFP Cheat Sheet https://zeltser.com/cheat-sheets/
Digital Forensics and Incident Response
- SIFT Workstation Cheat Sheet https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf?msc=Cheat+Sheet+Blog
- Plaso Filtering Cheat Sheet https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf?msc=Cheat+Sheet+Blog
- Tips for Reverse-Engineering Malicious Code https://digital-forensics.sans.org/media/reverse-engineering-malicious-code-tips.pdf?msc=Cheat+Sheet+Blog
- REMnux Usage Tips for Malware Analysis on Linux https://digital-forensics.sans.org/media/remnux-malware-analysis-tips.pdf?msc=Cheat+Sheet+Blog
- Analyzing Malicious Documents https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf?msc=Cheat+Sheet+Blog
- Malware Analysis and Reverse-Engineering Cheat Sheet https://digital-forensics.sans.org/media/malware-analysis-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- SQlite Pocket Reference Guide https://digital-forensics.sans.org/media/SQlite-PocketReference-final.pdf?msc=Cheat+Sheet+Blog
- Eric Zimmerman’s tools Cheat Sheet https://digital-forensics.sans.org/media/EricZimmermanCommandLineToolsCheatSheet-v1.0.pdf?msc=Cheat+Sheet+Blog
- Rekall Memory Forensics Cheat Sheet https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf?msc=Cheat+Sheet+Blog
- Linux Shell Survival Guide https://digital-forensics.sans.org/media/linux-shell-survival-guide.pdf?msc=Cheat+Sheet+Blog
- Windows to Unix Cheat Sheet https://digital-forensics.sans.org/media/windows_to_unix_cheatsheet.pdf?msc=Cheat+Sheet+Blog
- Memory Forensics Cheat Sheet https://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Hex and Regex Forensics Cheat Sheet https://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf?msc=Cheat+Sheet+Blog
- FOR518 Mac & iOS HFS+ Filesystem Reference Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt61c336e02577e733/5eb0940e248a28605479ccf0/FOR518_APFS_CheatSheet_012020.pdf
- The majority of DFIR Cheat Sheets can be found here –> https://digital-forensics.sans.org/community/cheat-sheets?msc=Cheat+Sheet+Blog.
Penetration Testing * Swiss Army Knife collection of PenTesting Cheatsheets https://github.com/swisskyrepo/PayloadsAllTheThings
- SQLite Injection Cheat Sheet https://github.com/unicornsasfuel/sqlite_sqli_cheat_sheet
- SSL/TLS Vulnerability Cheat Sheet https://github.com/IBM/tls-vuln-cheatsheet
- Windows Intrusion Discovery Cheat Sheet v3.0 https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Intrusion Discovery Cheat Sheet v2.0 (Linux) https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Intrusion Discovery Cheat Sheet v2.0 (Windows 2000) https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd6fa777a3215f34a/5eb08aae08d37e6d82ef77fe/win2ksacheatsheet.pdf
- Windows Command Line https://pen-testing.sans.org/retrieve/windows-command-line-sheet.pdf?msc=Cheat+Sheet+Blog
- Netcat Cheat Sheet https://pen-testing.sans.org/retrieve/netcat-cheat-sheet.pdf?msc=Cheat+Sheet+Blog
- Misc Tools Cheat Sheet https://pen-testing.sans.org/retrieve/misc-tools-sheet.pdf?msc=Cheat+Sheet+Blog
- Python 3 Essentials https://www.sans.org/blog/sans-cheat-sheet-python-3/?msc=Cheat+Sheet+Blog
- Windows Command Line Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt4e45e00c2973546d/5eb08aae4461f75d77a48fd4/WindowsCommandLineSheetV1.pdf
- SMB Access from Linux Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blta6a2ae64ec0ed535/5eb08aaeead3926127b4df44/SMB-Access-from-Linux.pdf
- Pivot Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt0f228a4b9a1165e4/5ef3d602395b554cb3523e7b/pivot-cheat-sheet-v1.0.pdf
- Google Hacking and Defense Cheat Sheet https://www.sans.org/security-resources/GoogleCheatSheet.pdf?msc=Cheat+Sheet+Blog
- Scapy Cheat Sheet https://wiki.sans.blue/Tools/pdfs/ScapyCheatSheet_v0.2.pdf
- Nmap Cheat Sheet https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blte37ba962036d487b/5eb08aae26a7212f2db1c1da/NmapCheatSheetv1.1.pdf
Cloud Security Cheat sheets
- Multicloud Cheat Sheet https://www.sans.org/security-resources/posters/cloud/multicloud-cheat-sheet-215?msc=blog-ultimate-list-cheat-sheets
- A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.
- The web server sends the browser/server a copy of its SSL certificate.
- The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.
- The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser/server and the web server.
There are many benefits to using SSL certificates. Namely, SSL customers can:
- Utilize HTTPs, which elicits a stronger Google ranking
- Create safer experiences for your customers
- Build customer trust and improve conversions
- Protect both customer and internal data
- Encrypt browser-to-server and server-to-server communication
- Increase security of your mobile and cloud apps
Penetration Testing Terms
- Authentication — The process of checking if a user is allowed to gain access to a system. eg. Login forms with username and password.
- Authorization — Checking if the authenticated user has access to perform an action. eg. user, admin, super admin roles.
- Audit — Conduct a complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
- Access Control List — A list that contains users and their level of access to a system.
- Aircrack-ng — Wifi penetration testing software suite. Contains sniffing, password cracking, and general wireless attacking tools.
- Backdoor — A piece of code that lets hackers get into the system easily after it has been compromised.
- Burp Suite — Web application security software, helps test web apps for vulnerabilities. Used in bug bounty hunting.
- Banner Grabbing — Capturing basic information about a server like the type of web server software (eg. apache) and services running on it.
- Botnet — A network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
- Brute-Force Attack — An attack where the hacker tries different login combinations to gain access. eg. trying to crack a 9 -digit numeric password by trying all the numbers from 000000000 to 999999999
- Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other buffers (memory partitions) corrupting existing data.
- Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.
- Cipher — Cryptographic algorithm for encrypting and decrypting data.
- Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
- Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
- Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
- Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
- Dumpster Diving — Looking into a company’s trash cans for useful information.
- Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.
- DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
- Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.
- Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 126.96.36.199
- DNS Spoofing — Trikcnig a system’s DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
- Encryption — Encoding a message with a key so that only the parties with the key can read the message.
- Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. Buffer overflow exploits can get you to root access to a system.
- Enumeration — Mapping out all the components of a network by gaining access to a single system.
- Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
- Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
- Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
- Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
- Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
- Hardening — Securing a system from attacks like closing unused ports. Usually done using scripts for servers.
- Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
- Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
- HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
- Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
- Integrity — Making sure the data that was sent from the server is the same that was received by the client. This ensures there was no tampering and integrity is achieved usually by hashing and encryption.
- Intrusion Detection System — A software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
- IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
- John The Ripper — Brilliant password cracking tool, runs on all major platforms.
- Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
- KeyLogger — A software program that captures all keystrokes that a user performs on the system.
- Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
- Light Weight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, central place for authentication. Stores usernames and passwords to validate users on a network.
- Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
- MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
- Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
- MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
- Metasploit — All in one penetration testing framework that helps to successfully exploit vulnerabilities and gain access to target systems.
- Meterpreter — An advanced Metasploit payload that lives in memory and hard to trace.
- Null-Byte Injection — An older exploit, uses null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks.
- Network Interface Card(NIC) — Hardware that helps a device connect to a network.
- Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
- Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
- Netcat — Simple but powerful tool that can view and record data on a TCP or UDP network connections. Since it is not actively maintained, NCat is preferred.
- Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
- Nessus — Commercial alternative to NMap, provides a detailed list of vulnerabilities based on scan results.
- Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
- Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don’t have access to the key.
- Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
- Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
- Phishing — Building fake web sites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
- Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
- Public Key Cryptography — Encryption mechanism that users a pair of keys, one private and one public. The sender will encrypt a message using your public key which then you can decrypt using your private key.
- Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
- Personally Identifiable Information (PII) — Any information that identified a user. eg. Address, Phone number, etc.
- Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
- PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
- Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
- Rainbow Table — Pre calculated password hashes that will help you crack password hashes of the target easily.
- Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
- Reverse Engineering — Rebuilding a piece of software based on its functions.
- Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
- Rootkit — A rootkit is a malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
- Scanning — Sending packets to a system and gaining information about the target system using the packets received. This involved the 3-way-handshake.
- Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to login to remote servers and perform system administration.
- Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
- Session Hijacking — Taking over someone else’s session by pretending to the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
- Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
- Secure Hashing Algorithm (SHA) — Widely used family of encryption algorithms. SHA256 is considered highly secure compared to earlier versions like SHA 1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare with another hash, you cannot re-hash it to its earlier format.
- Sniffing — performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
- Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
- Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
- Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
- Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
- SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
- Trojan — A malware hidden within useful software. eg. a pirated version of MS office can contain trojans that will execute when you install and run the software.
- Traceroute — Tool that maps the route a packet takes between the source and destination.
- Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
- Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
- Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute eg. autoplaying a USB drive.
- Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
- War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
- WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
- Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
- Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm to built a botnet. Unlike Viruses, Worms don’t need a trigger.
- Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
- Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
- Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerabilities since there is no possible way to protect against one.
- Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.
CyberSecurity Post COVID-19
- Increased distributed working: With organizations embracing work from home, incremental risks have been observed due to a surge in Bring Your Own Device (BYOD), Virtual Private Network (VPN), Software As A Service (SaaS), O365 and Shadow IT, as it could be exploited by various Man-in-the-Middle (MITM) attack vectors.
- Reimagine Business Models: Envisioning new business opportunities, modes of working, and renewed investment priorities. With reduced workforce capability, compounded with skill shortages, staff who are focusing on business as usual tasks can be victimized, via social engineering.
- Digital Transformation and new digital infrastructure: With the change in nature for organizations across the industrial and supply chain sector – security is deprioritized. Hardening of the industrial systems and cloud based infrastructure is crucial as cyber threats exploit these challenges via vulnerability available for unpatched systems.
- With an extreme volume of digital communication, security awareness is lowered with increased susceptibility. Malicious actors are using phishing techniques to exploit such situations.
Re-evaluate your approach to cyber
- Which cyber scenarios your organization appears to be preparing for or is prepared?
- Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
- What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
- What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
The organizations should reflect the following scenarios at a minimum and consider:
- Which cyber scenarios your organization appears to be preparing for or is prepared?
- Is there a security scenario that your organization is currently ignoring – but shouldn’t be?
- What would your organization need to do differently in order to win, in each of the identified cyber scenarios?
- What capabilities, cyber security partnerships, and workforce strategies do you need to strengthen?
- To tackle the outcome from the above scenarios, the following measures are the key:
Inoculation through education: Educate and / or remind your employees about –
- Your organization’s defense – remote work cyber security policies and best practices
- Potential threats to your organization and how will it attack – with a specific focus on social engineering scams and identifying COVID-19 phishing campaigns
- Assisting remote employees with enabling MFA across the organization assets
Adjust your defenses: Gather cyber threat intelligence and execute a patching sprint:
- Set intelligence collection priorities
- Share threat intelligence with other organizations
- Use intelligence to move at the speed of the threat
- Focus on known tactics, such as phishing and C-suite fraud.
Prioritize unpatched critical systems and common vulnerabilities.
Enterprise recovery: If the worst happens and an attack is successful, follow a staged approach to recovering critical business operations which may include tactical items such as:
- Protect key systems through isolation
- Fully understand and contain the incident
- Eradicate any malware
- Implement appropriate protection measures to improve overall system posture
- Identify and prioritize the recovery of key business processes to deliver operations
- Implement a prioritized recovery plan
Cyber Preparedness and Response: It is critical to optimize the detection capability thus, re-evaluation of the detection strategy aligned with the changing landscape is crucial. Some key trends include:
- Secure and monitor your cloud environments and remote working applications
- Increase monitoring to identify threats from shadow IT
- Analyze behavior patterns to improve detection content
Finding the right cyber security partner: To be ready to respond identify the right partner with experience and skillset in Social Engineering, Cyber Response, Cloud Security, and Data Security.
Critical actions to address
At this point, as the organizations are setting the direction towards the social enterprise, it is an unprecedented opportunity to lead with cyber discussions and initiatives. Organizations should immediately gain an understanding of newly introduced risks and relevant controls by:
- Getting a seat at the table
- Understanding the risk prioritization:
- Remote workforce/technology performance
- Operational and financial implications
- Emerging insider and external threats
- Business continuity capabilities
Assessing cyber governance and security awareness in the new operating environment
Assessing the highest areas of risk and recommend practical mitigation strategies that minimize impact to constrained resources.
Keeping leadership and the Board apprised of ever-changing risk profile
Given the complexity of the pandemic and associated cyber challenges, there is reason to believe that the recovery phase post-COVID-19 will require unprecedented levels of cyber orchestration, communication, and changing of existing configurations across the organization.
CyberSecurity: Protect Yourself on Internet
- Use two factor authentication when possible. If not possible, use strong unique passwords that are difficult to guess or crack. This means avoiding passwords that use of common words, your birthdate, your SSN, names and birthdays of close associates, etc.
- Make sure the devices you are using are up-to-date and have some form of reputable anti-virus/malware software installed.
- Never open emails, attachments, programs unless they are from a trusted source (i.e., a source that can be verified). Also disregard email or web requests that ask you to share your personal or account information unless you are sure the request and requestor are legitimate.
- Try to only use websites that are encrypted. To do this, look for either the trusted security lock symbol before the website address and/or the extra “s” at the end of http in the URL address bar.
- Avoid using an administrator level account when using the internet.
- Only enable cookies when absolutely required by a website.
- Make social media accounts private or don’t use social media at all.
- Consider using VPNs and encrypting any folders/data that contains sensitive data.
- Stay away from using unprotected public Wi-Fi networks.
Social media is genetically engineered in Area 51 to harvest as much data from you as possible. Far beyond just having your name and age and photograph.
Never use the same username twice anywhere, or the same password twice anywhere.
Use Tor/Tor Browser whenever possible. It’s not perfect, but it is a decent default attempt at anonymity.
Use a VPN. Using VPN and Tor can be even better.
Search engines like DuckDuckGo offer better privacy (assuming they’re honest, which you can never be certain of) than Google which, like social media, works extremely hard to harvest every bit of data from you that they can.
Never give your real details anywhere. Certainly not things like your name or pictures of yourself, but even less obvious things like your age or country of origin. Even things like how you spell words and grammatical quirks can reveal where you’re from.
Erase your comments from websites after a few days/weeks. It might not erase them from the website’s servers, but it will at least remove them from public view. If you don’t, you can forget they exist and you never know how or when they can and will be used against you.
With Reddit, you can create an account fairly easily over Tor using no real information. Also, regularly nuke your accounts in case Reddit or some crazy stalker is monitoring your posts to build a profile of who you might be. Source: Reddit
- Adrian Lamo – gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
- Albert Gonzales – an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
- Andrew Auernheimer (known as Weev) – Went to jail for using math against AT&T website.
- Barnaby Jack – was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
- Benjamin Delpy – Mimikatz
- DVD-Jon – He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement.
- Eric Corley (known as Emmanuel Goldstein) – 2600
- Gary McKinnon – a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
- George Hotz aka geohot – “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
- Guccifer 2.0 – a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
- Hector Monsegur (known as Sabu) – an American computer hacker and co-founder of the hacking group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
- Jacob Appelbaum – an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
- James Forshaw – one of the world’s foremost bug bounty huners
- Jeanson James Ancheta – On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
- Jeremy Hammond – He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
- John Draper – also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
- Kevin Mitnick – Free Kevin
- Kimberley Vanvaeck (known as Gigabyte) – a virus writer from Belgium known for a long-standing dispute which involved the internet security firm Sophos and one of its employees, Graham Cluley. Vanvaeck wrote several viruses, including Quis, Coconut and YahaSux (also called Sahay). She also created a Sharp virus (also called “Sharpei”), credited as being the first virus to be written in C#.
- Lauri Love – a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
- Michael Calce (known as MafiaBoy) – a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
- Mudge – Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
- Phineas Fisher – vigilante hacker god
- PRAGMA – Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
- The 414s – The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
- The Shadow Brokers – is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.
Notable Viruses & Worms
- Anna Kournikova
- Code Red
- ILOVEYOU virus
- Melissa virus
- Morris Worm
- Storm Worm
- WannaCry virus
- The Strange History of Ransomware
The first ransomware virus predates e-mail, even the Internet as we know it, and was distributed on floppy disk by the postal service. It sounds quaint, but in some ways this horse-and-buggy version was even more insidious than its modern descendants. Contemporary ransomware tends to bait victims using legitimate-looking email attachments — a fake invoice from UPS, or a receipt from Delta airlines. But the 20,000 disks dispatched to 90 countries in December of 1989 were masquerading as something far more evil: AIDS education software.
How to protect sensitive data for its entire lifecycle in AWS
You can protect data in-transit over individual communications channels using transport layer security (TLS), and at-rest in individual storage silos using volume encryption, object encryption or database table encryption. However, if you have sensitive workloads, you might need additional protection that can follow the data as it moves through the application stack. Fine-grained data protection techniques such as field-level encryption allow for the protection of sensitive data fields in larger application payloads while leaving non-sensitive fields in plaintext. This approach lets an application perform business functions on non-sensitive fields without the overhead of encryption, and allows fine-grained control over what fields can be accessed by what parts of the application. Read m ore here…
Cybersecurity Breaking News – Top Stories
- Security issue when register/install new account/app via Google accountby /u/Voldemort_15 (cybersecurity) on September 30, 2022 at 6:07 pm
Hi all, I post this question to support Google but no one answered after 4 days. Hope it is OK to ask here. I see many websites that allow you to register new account quickly via Google account. However, there are statements before you click agree like: "View and manage documents that this application has been installed in" "Allow this application to run when you are not present" "View and manage data associated with the application""Display and run third-party web content in prompts and sidebars inside Google applications" "You may be sharing sensitive info with this site or app. You can always see or remove access in your Google Account. Learn how Google helps you share data safely." ... Some things likes you give all control of your Google account to this party. Do you think it is safe to allow to register/install by this option? Many times, this is the only option to register/install. Thank you in advance! submitted by /u/Voldemort_15 [link] [comments]
- Password Spray Triggered Alert? How to tell it's false positiveby /u/TheYansterr (cybersecurity) on September 30, 2022 at 6:00 pm
Hello, we had an alert from one of our cisco endpoint security for password spray event. But i am confused because it is coming from an ACS server. Over 200 login attempts with 17 successful logons. Usernames are coming from the ACS and Admin account. I do know we're upgrading our servers but I'm new to the company so I have no idea yet how data flow is like but no one seems to be taking this event seriously. So my question is, is it common for servers to trigger a password spray? If not what are the next steps I should do to mitigate this? Thanks submitted by /u/TheYansterr [link] [comments]
- ZINC weaponizing open-source software - Microsoft Security Blogby /u/speckz (cybersecurity) on September 30, 2022 at 4:02 pm
submitted by /u/speckz [link] [comments]
- There’s an upcoming cybersecurity & third party risk summit in October being hosted by Global Resilience Federation, outside of DC. Is anyone in this sub attending? Here’s a link- would be awesome to network in person.by /u/hiihaveareddit (cybersecurity) on September 30, 2022 at 3:50 pm
submitted by /u/hiihaveareddit [link] [comments]
- Cloud workload protection/runtime protectionby /u/andrewdoesit (cybersecurity) on September 30, 2022 at 3:43 pm
Curious as to what y’all’s experience is with some of the cloud workload products are. It seems like there isn’t a whole lot out there and I’d love to hear some feedback on what you’re using and how you like it. submitted by /u/andrewdoesit [link] [comments]
- New Malware Families Found Targeting VMware ESXi Hypervisorsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 2:42 pm
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access
- Any useful cybersecurity software under $5k?by /u/EmotionNo6674 (cybersecurity) on September 30, 2022 at 1:57 pm
Hello Team! I am looking for any recommendations for any software/hardware (no computers/laptops) that you found useful in IR, Pen testing, or general cybersecurity from your experence. We are a small security shop but manage a few thousand endpoints/systems, and I got some cash to spend on random software and/or physical accessories. Any thoughts are welcome. submitted by /u/EmotionNo6674 [link] [comments]
- internal application pen/security testingby /u/_l0la (cybersecurity) on September 30, 2022 at 1:56 pm
hi cyber security professionals... so i am handling pen testing for my company and one area which i dont have much knowledge in is internal application security testing. my background is network and security engineer. i am aware of SAST, and DAST, which my company is currently investigating a potential platform to purchase. but in terms of annual pentesting, what services do you think i could include in the yearly pen testing activities. (and so search for in suppliers' services) some i have come across are threat modelling, code review.... anything else any of you guys include? or anything you would say is more important than others. i am already ok with all the external facing stuff e.g. apis, web apps, etc. but it is the internal in house stuff im looking for. thanks, submitted by /u/_l0la [link] [comments]
- New Microsoft Exchange zero-days actively exploited in attacksby /u/wewewawa (cybersecurity) on September 30, 2022 at 1:36 pm
submitted by /u/wewewawa [link] [comments]
- Microsoft says two new Exchange zero-day bugs under active attack, but no immediate fixby /u/rangeva (cybersecurity) on September 30, 2022 at 1:07 pm
submitted by /u/rangeva [link] [comments]
- Top cybersecurity stories for the week of 09-26-22 to 09-30-22by /u/CISO_Series_Producer (cybersecurity) on September 30, 2022 at 12:36 pm
- Cyber Attacks Against Middle East Governments Hide Malware in Windows logoby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 11:52 am
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410
- New Malware Campaign Targeting Job Seekers with Cobalt Strike Beaconsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 10:20 am
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains
- Why Organisations Need Both EDR and NDR for Complete Network Protectionby email@example.com (The Hacker News) (The Hacker News) on September 30, 2022 at 10:10 am
Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern Organisations Need EDR According to the 2020 global risk report by Ponemon Institute, smartphones,
- North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacksby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 10:02 am
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is
- What are your canned responses in Cyber Security?by /u/securitysushi (cybersecurity) on September 30, 2022 at 10:01 am
Hi folks, I was wondering what kind of responses you regularly use in your work? I write the same sentences manually over and over again and thought I start a list of canned responses (something like http://cannedtxt.com/ but for security). For example: We will monitor these activities and share the necessary information as it progresses As of now there are no known incidents specific with $company about this matter Thank you for your IT security awareness No signs of compromise or malicious behavior has been found on $server. What are your canned responses? submitted by /u/securitysushi [link] [comments]
- Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wildby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 9:01 am
Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is
- Hacking group hides backdoor malware inside Windows logo imageby /u/Anastasia_IT (cybersecurity) on September 30, 2022 at 8:48 am
submitted by /u/Anastasia_IT [link] [comments]
- MS Exchange 0 Dayby /u/tigerfistsmiling (cybersecurity) on September 30, 2022 at 8:45 am
submitted by /u/tigerfistsmiling [link] [comments]
- WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitationby /u/Glad_Living3908 (cybersecurity) on September 30, 2022 at 7:54 am
submitted by /u/Glad_Living3908 [link] [comments]
- Reports emerging that a new zero day exists in Microsoft Exchangeby /u/Realistic-Cap6526 (cybersecurity) on September 30, 2022 at 7:25 am
submitted by /u/Realistic-Cap6526 [link] [comments]
- Quiet employeeby /u/Environmental-State7 (cybersecurity) on September 30, 2022 at 5:14 am
I have an employee who would not say anything during a meeting or incidents. If we assign him stuff, he will do it with accuracy. If we put him on a spot with a question, he would go blank and not answer correctly or stutter and not speak clearly. He got certifications but because he is so quiet, I don’t know what he knows. During an incident, we want our employees to speak up and help. I’ve asked him to speak up more when there are incidents in the past, but still nothing from him. It may be my fault as I didn’t give him any directions. How can I help this employee improve in this area? Do you have employees like this? How do you adjust and make it work? submitted by /u/Environmental-State7 [link] [comments]
- Fake CISO Profiles on LinkedIn Target Fortune 500sby /u/SquidFistHK (cybersecurity) on September 30, 2022 at 4:51 am
submitted by /u/SquidFistHK [link] [comments]
- Ex-NSA employee in Colorado arrested for selling secrets to a foreign powerby /u/regalrecaller (cybersecurity) on September 30, 2022 at 4:41 am
submitted by /u/regalrecaller [link] [comments]
- WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitationby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 30, 2022 at 4:25 am
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The
- What will you choose: Security solutions vs Incident Response?by /u/vskhosa (cybersecurity) on September 30, 2022 at 12:56 am
I am trying to weigh in the pros and cons of these two security paths. I am at crossroads between the two and have to decide which side I should go for a brighter future career. Little bit about myself - I have just over 8 years of combined experience in IT operations, system admin and security operations. That was my progression. I have been in cybersecurity for just over 4 years now. I have gained significant experience over the years and I am CISSP. In my current role, I do SOC tasks along with moderate python related security solutions tasks. From here I have two paths, I can either go full on security solutions or I can move on to the incident response team where I will be involved in threat hunting, On call IR etc. I have always wanted to go towards solutions because I like programming. What could be the downsides (if any) of going towards security solutions and what good things I might be missing if I don't go to the IR side? submitted by /u/vskhosa [link] [comments]
- Cyber and Information Warfare in Ukraine: What Do We Know Seven Months In?by /u/aknalid (cybersecurity) on September 30, 2022 at 12:16 am
submitted by /u/aknalid [link] [comments]
- We're developing a FOSS threat hunting tool integrating SIEM with a data science / automation framework through Jupyter Notebooks (Python). Looking for opinions about how seamless the lab setup should be and other details.by /u/Jonathan-Todd (cybersecurity) on September 29, 2022 at 9:50 pm
This is not my first time posting about this tool, but I'm getting to a point in the development where I'm unsure about certain implementation details and would love some opinions from others in the field, if anyone cares to chime in. What is threat hunting? A SOC needs to catch threats in real-time, put out fires, chase down alerts. They need to rely heavily on automation (SIEM / EDR alerts) to meet the demands of so much work. Attackers leverage this fact by optimizing against the tools, operating in the gray space around the rules and alerts used, or by disabling the tools. But this often produces a very odd-looking artifact, easily identifiable to a human operator looking at the traffic or endpoint. Threat Hunting (TH) is just when an operator or team not tasked with putting out those fires has time to put human eyes on raw data. Put simply: SOC = Tools enhanced by people. Tools alert, people determine true / false positive. High volume, lots of fires, little time to look at raw data. Threat Hunter = People enhanced by tools. People use tools to find things missed by tools, with other tools. Lower volume, no fires, time can go toward putting eyes on raw data and submitting requests for information (RFIs) from network owner. These are my understandings as a junior analyst without a very broad experience - I haven't worked in a SOC yet. So forgive me for a perhaps imperfect explanation. First of all, the popular idea behind Threat Hunting (TH) is to pick one TTP at a time and hunt that. Form a hypothesis. Test it. Repeat. Well with tens of thousands of TTPs out there, that's not a very fast process. I think we can do better by applying automation and data science to the process, without becoming a SOC. Where automation and Data Science Comes In Here are a few things automation and data science could help with: High volume of techniques to hunt for: You can't afford to trust the SOC has implemented all the basic fundamentals. If you just skip to hunting advanced TTPs, it'll be pretty embarrassing if you missed something obvious because you thought surely the SOC would already be alerting on that. So every threat hunt will probably begin with iterating over a list of basic places to look for evil in a network and endpoints. Tools like Sysinternals (on Windows) can help hunt these basics, but you still need to iterate over every Windows endpoint, for example. Which takes us to our next point: High volume of traffic and endpoints to hunt in: There might be hundreds, thousands, or tens of thousands of hosts in the environment you're hunting, so without automation many hunting techniques just won't work at this scale. Some clues are hidden in too much data to sift through without automation. Baselining is one of the most powerful tools at a security professional's disposal and it requires some form of automation to work with that high-volume data and identify anomalies. This is where data-science shines in TH. Our Solution So, a colleague and I (neither of us incredibly experienced in the domain), both knowing Python (and working in a field where many know Python) were thinking about how we could maximize our contribution to Threat Hunting. The non-superstar dilemma. I'm not the fastest thinker, I get distracted a lot, and I don't have a ton of experience. Once a hunt begins, I won't be the superstar clacking away at the keyboard searching a hundred registries by hand, rapidly searching through Am/Shimcache, writing queries in the SIEM and remembering just the right property to access on a certain protocol to find anomalies. I'm not that kind of superstar operator. But I can research a TTP and protocols / endpoint activities involved in that TTP and build a plan to hunt it. So why not automate that? What if we could build a tool which not only automates hunting for a TTP, but standardizes a format to automate, link to MITRE ATT&CK, and visualize data outputs in a step-by-step process so that other TH'ers can design their own "Hunting Playbooks" in this same format and share them in a public repo (or build up a private repo, if you're an MSSP and don't want attackers to know all your tricks). That way not only can we all share these playbooks, but when a talented analyst leaves your team, as long as their hunting practices where codified into playbooks, your team keeps that expertise forever? And better yet, what if we could talk to SIEM APIs with this notebook to generate Dashboards with the results of these playbooks so that analysts not comfortable working with Jupyter Notebooks can just do their normal workflow and see the data visualizations in the SIEM, for example with Kibana? We liked that idea, so we've been developing it. Finally, My Questions For each playbook, we believe it's really important to have validation. Just as good tool developers write unit tests to validate the output of their code, we wanted to incorporate validation of these TTP hunting playbooks. We thought this would also reduce friction for other TH'ers to pick up the tool and easily launch their own environment and tweak it to test their own ideas rather than having to learn how to launch a decent lab which can be either expensive (cloud) or complicated (local), or both. This involves a few steps, especially since we want to keep every aspect of the tool FOSS: Launch Environment Infrastructure (VM) - To simulate a TTP in a reliably reproducible way, Infrastructure-as-Code orchestrating the lab seems like the obvious choice here. Terraform is really good at this and is FOSS. But cloud is expensive and mostly not FOSS. However, Terraform works with the FOSS OpenStack cloud platform, which you can install on any Linux VM. So that's what we're going with. Which brings us to Question #1: Would most of you see setting up your own OpenStack VM as undesirable friction? Should we consider using Ansible or some similar tool to set up and configure OpenStack as part of this tool's functionality with basically 1-click seamlessness? It would be more work and more code to maintain for us, and I can't seem to decide whether it's more of a need or a want. A certain amount of friction will turn people away from trying a tool, so we're trying to find the sweet-spot. And we're fairly new to DevOps so we're not entirely sure that we're choosing the best FOSS tech stack for the job, or overlooking some integration or licensing detail here. Launch SIEM (Docker) - This question recently got even more complicated than I expected. It has been our intention to use Elastic Search / ELK as the FOSS SIEM component. When we started this project, ELK Stack was using a FOSS model, but recent news seems to indicate Elastic may be moving away from that model. This is worrying, since the SIEM used needs to be popular, and ELK is the only FOSS platform which comes close to the popularity of, say, Splunk. Question #2: Is ELK going to be moving away from FOSS model? The future seems unclear as far as that goes. Launch Threat Emulation (Docker) - For this we're using Caldera, a FOSS threat emulation framework by MITRE. Launch Jupyter (Docker) - Where the framework is executed from and interacted with (for visualization support). 4.5 (edit) Framework analyzes SIEM & EDR data - Elastic produced this incredibly powerful Python library called Eland which lets you stream an Elastic index in as a pandas dataframe. Indexes can be massive. Way too big to load into a DF all at once but Eland pipes data in and out behind the scenes so that your DataFrame works just like a normal one and you still access all that data as if it were all there locally. ELK APIs and Elastic Security (Formerly known as the Endgame EDR) are communicated with by the playbook / framework. Some abstraction makes this simple and keeps inputs / outputs standard across all playbooks. Hunt - Human operators use the Hunting Playbook and input timestamps where the relevant ATT&CK Techniques were observed. If the Playbook is effective, the user should be able to use the output to correctly identify the emulated TTP's artifacts. Validate - The framework compares the timestamps / ATT&CK Techniques submitted by the operator to validate effectiveness and reveals any missed Techniques along with timestamps they should have occurred. This is done by the framework interacting with Caldera's API for the emulated attack's logs. So overall, this process requires the user install and run a Python package which will kick off everything else, with two requirements: VM with OpenStack running (or we could try to orchestrate with this Ansible, as posed in Question #1). Docker. Basically my questions come down to a TL;DR of: Are we using the right infrastructure? How streamlined / orchestrated does setup need to be? Is there a better approach to setting it all up that we haven't thought of? Maybe we should be orchestrating, for example, all of the components within OpenStack instead of some parts being OpenStack and others being Docker. submitted by /u/Jonathan-Todd [link] [comments]
- Microsoft Teams Vulnerability to Privilege Escalationby /u/patoden (cybersecurity) on September 29, 2022 at 8:10 pm
9/29/22 I recently came across suspicious activity on a corporate network. I noticed an unknown actor was going around the environment and using privileged access to execute suspicious powershell during off hours. Other unusual activity I noticed coming from within Microsoft Teams. I think this vulnerability is still well and alive - Squirrel Exploit - Microsoft Teams - https://techmonitor.ai/technology/cybersecurity/microsoft-teams-vulnerability Here's the reason that I say that whenever I cross check the HASH of Microsoft Teams websites like VirusTotal and www.joesandbox.com people are reporting dropped files, unusual contacted ips, suspicious powershell commands, obfuscated commands found, Queries to processes, domains, bundled files, and unusual execution parents. Suspicious Hash from Microsoft Teams - Looked up Hash - 156cafa6da98a57e481aab74ef748726bd4dce2912536fb59e65d9a57a3ae7a7 https://www.virustotal.com/gui/file/156cafa6da98a57e481aab74ef748726bd4dce2912536fb59e65d9a57a3ae7a7/community (<-- this link multiple people are reporting the HASH as Malicious and possible greyware, all of the file names match the TeamsSetup.exe I've downloaded) https://www.joesandbox.com/analysis/668278/0/html (<-- Same Hash and I see the same malicious indicators. ) Other suspicious Hash from Microsoft Teams - Looked up Hash - d6f5d7d5c3e1cc6501d3363a765b5fe96f3467ac5ca6b2826c5a41d6851236ba https://www.virustotal.com/gui/file/d6f5d7d5c3e1cc6501d3363a765b5fe96f3467ac5ca6b2826c5a41d6851236ba/behavior (<-- other things reported things are: execution, persistence, privilege escalation, defense evasion, discovery) Below is more information on the threat. Source URL : (Download Link) https://go.microsoft.com/fwlink/p/?LinkID=2187217&clcid=0x409&culture=en-us&country=US&Lmsrc=groupChatMarketingPageWeb&Cmpid=directDownloadv2Win64 Original IP from 5/14/22: 188.8.131.52 The reported indictors are: checks-network-adapters detect-debug-environment direct-cpu-clock-access overlay peexe runtime-modules signed Security impact Tampering Reported product Teams Version/build1.5.00.9163 I reported this to MSRC and this is the response I got back: (I will try re-reporting it but I was wondering if anyone has come across anything like this? Hello, Thank you for contacting the Microsoft Security Response Center (MSRC). What you are reporting appears to be related to a suspected malicious site, IP, malicious email, etc. Please note that this email address is unable to assist with this type of issue. As such, this email thread has been closed and will no longer be monitored. Please see one of the options below: If this is a Microsoft owned email address or website you can find assistance at the at the following address: "Security Incident and Abuse Reporting> <https://cert.microsoft.com/report.aspx> This form is to report suspected security issues or abuse of Microsoft Online Services, such as Bing, Hotmail, Windows Live, Windows Azure, and Office 365. This includes malicious network activity originating from a Microsoft IP address. It also includes distribution of malicious content or other illicit or illegal material through a Microsoft Online Service. Again, we appreciate your report. Regards, MSRC submitted by /u/patoden [link] [comments]
- New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Serverby /u/CyberMasterV (cybersecurity) on September 29, 2022 at 7:50 pm
submitted by /u/CyberMasterV [link] [comments]
- Company woke up this morning to a ransomware attack. Infected every computer connected to the network and all virtual servers, including a backup server isolated from the main network. Any advice on looking for its entry point?by /u/meowlicious1 (cybersecurity) on September 29, 2022 at 4:14 pm
Edit: the ransomware is Stealbit Edit 2: Thank you to everyone so far. Edit 3: Found a batch file on the main controller. Preserving the original VMs and making new ones from tape backups to get running while old ones can be used for investigation. submitted by /u/meowlicious1 [link] [comments]
- Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malwareby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 29, 2022 at 2:15 pm
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep
- Researchers Uncover Covert Attack Campaign Targeting Military Contractorsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 29, 2022 at 12:00 pm
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out
- Five Steps to Mitigate the Risk of Credential Exposureby email@example.com (The Hacker News) (The Hacker News) on September 29, 2022 at 11:45 am
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft. While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the
- Swachh City Platform Suffers Data Breach Leaking 16 Million User Recordsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 29, 2022 at 10:12 am
A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report shared by security firm CloudSEK
- Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacksby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 29, 2022 at 9:56 am
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in
- Microsoft has restricted the Russian Federation from accessing updates to Windows 11by /u/GaryofRiviera (cybersecurity) on September 29, 2022 at 12:22 am
submitted by /u/GaryofRiviera [link] [comments]
- Researchers Warn of New Go-based Malware Targeting Windows and Linux Systemsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 28, 2022 at 2:00 pm
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through
- Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malwareby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 28, 2022 at 12:36 pm
A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for €
- Improve your security posture with Wazuh, a free and open source XDRby firstname.lastname@example.org (The Hacker News) (The Hacker News) on September 28, 2022 at 12:15 pm
Organizations struggle to find ways to keep a good security posture. This is because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain. Security posture management is a term used to describe the process of
- Hackers Using PowerPoint Mouseover Trick to Infect System with Malwareby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 28, 2022 at 10:09 am
The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a
- Facebook Shuts Down Covert Political 'Influence Operations' from Russia and Chinaby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 28, 2022 at 8:45 am
Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes
- Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotelyby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 28, 2022 at 5:03 am
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and
- Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructuresby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 27, 2022 at 1:54 pm
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on
- New NullMixer Malware Campaign Stealing Users' Payment Data and Credentialsby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 27, 2022 at 1:19 pm
Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety
- Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Schemeby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 27, 2022 at 12:04 pm
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively. Prior to their removal from the app
- Why Continuous Security Testing is a Must for Organizations Todayby email@example.com (The Hacker News) (The Hacker News) on September 27, 2022 at 11:39 am
The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026. One big area of spending includes the art of putting cybersecurity defenses under pressure, commonly known as security testing. MarketsandMarkets forecasts the global
- North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 27, 2022 at 9:46 am
The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto[.]com have been used to mount the attacks. The
- Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Schemeby email@example.com (Ravie Lakshmanan) (The Hacker News) on September 27, 2022 at 6:14 am
The Australian Federal Police (AFP) on Monday disclosed it's working to gather "crucial evidence" and that it's collaborating with overseas law enforcement authorities following the hack of telecom provider Optus. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud," the AFP said in a statement. The
- Researchers Identify 3 Hacktivist Groups Supporting Russian Interestsby firstname.lastname@example.org (Ravie Lakshmanan) (The Hacker News) on September 26, 2022 at 2:33 pm
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn
My favorite tool for creating blog content about tiny topics is the Jasper AI blog writer.
Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more)
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 (Email us for more))
We know you like Sports and Geeky things, We do too, but you should build the skills that’ll drive your career into six figures. Cloud skills and certifications can be just the thing you need to make the move into cloud or to level up and advance your career. 85% of hiring managers say cloud certifications make a candidate more attractive.
Download the Djamga App for ios or android or Microsoft for drop in soccer, basketball, volleyball, badminton, football, hockey, cricket games details and location in your city.
List of Freely available programming books - What is the single most influential book every Programmers should read
- Bjarne Stroustrup - The C++ Programming Language
- Brian W. Kernighan, Rob Pike - The Practice of Programming
- Donald Knuth - The Art of Computer Programming
- Ellen Ullman - Close to the Machine
- Ellis Horowitz - Fundamentals of Computer Algorithms
- Eric Raymond - The Art of Unix Programming
- Gerald M. Weinberg - The Psychology of Computer Programming
- James Gosling - The Java Programming Language
- Joel Spolsky - The Best Software Writing I
- Keith Curtis - After the Software Wars
- Richard M. Stallman - Free Software, Free Society
- Richard P. Gabriel - Patterns of Software
- Richard P. Gabriel - Innovation Happens Elsewhere
- Code Complete (2nd edition) by Steve McConnell
- The Pragmatic Programmer
- Structure and Interpretation of Computer Programs
- The C Programming Language by Kernighan and Ritchie
- Introduction to Algorithms by Cormen, Leiserson, Rivest & Stein
- Design Patterns by the Gang of Four
- Refactoring: Improving the Design of Existing Code
- The Mythical Man Month
- The Art of Computer Programming by Donald Knuth
- Compilers: Principles, Techniques and Tools by Alfred V. Aho, Ravi Sethi and Jeffrey D. Ullman
- Gödel, Escher, Bach by Douglas Hofstadter
- Clean Code: A Handbook of Agile Software Craftsmanship by Robert C. Martin
- Effective C++
- More Effective C++
- CODE by Charles Petzold
- Programming Pearls by Jon Bentley
- Working Effectively with Legacy Code by Michael C. Feathers
- Peopleware by Demarco and Lister
- Coders at Work by Peter Seibel
- Surely You're Joking, Mr. Feynman!
- Effective Java 2nd edition
- Patterns of Enterprise Application Architecture by Martin Fowler
- The Little Schemer
- The Seasoned Schemer
- Why's (Poignant) Guide to Ruby
- The Inmates Are Running The Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity
- The Art of Unix Programming
- Test-Driven Development: By Example by Kent Beck
- Practices of an Agile Developer
- Don't Make Me Think
- Agile Software Development, Principles, Patterns, and Practices by Robert C. Martin
- Domain Driven Designs by Eric Evans
- The Design of Everyday Things by Donald Norman
- Modern C++ Design by Andrei Alexandrescu
- Best Software Writing I by Joel Spolsky
- The Practice of Programming by Kernighan and Pike
- Pragmatic Thinking and Learning: Refactor Your Wetware by Andy Hunt
- Software Estimation: Demystifying the Black Art by Steve McConnel
- The Passionate Programmer (My Job Went To India) by Chad Fowler
- Hackers: Heroes of the Computer Revolution
- Algorithms + Data Structures = Programs
- Writing Solid Code
- Getting Real by 37 Signals
- Foundations of Programming by Karl Seguin
- Computer Graphics: Principles and Practice in C (2nd Edition)
- Thinking in Java by Bruce Eckel
- The Elements of Computing Systems
- Refactoring to Patterns by Joshua Kerievsky
- Modern Operating Systems by Andrew S. Tanenbaum
- The Annotated Turing
- Things That Make Us Smart by Donald Norman
- The Timeless Way of Building by Christopher Alexander
- The Deadline: A Novel About Project Management by Tom DeMarco
- The C++ Programming Language (3rd edition) by Stroustrup
- Patterns of Enterprise Application Architecture
- Computer Systems - A Programmer's Perspective
- Agile Principles, Patterns, and Practices in C# by Robert C. Martin
- Growing Object-Oriented Software, Guided by Tests
- Framework Design Guidelines by Brad Abrams
- Object Thinking by Dr. David West
- Advanced Programming in the UNIX Environment by W. Richard Stevens
- Hackers and Painters: Big Ideas from the Computer Age
- The Soul of a New Machine by Tracy Kidder
- CLR via C# by Jeffrey Richter
- The Timeless Way of Building by Christopher Alexander
- Design Patterns in C# by Steve Metsker
- Alice in Wonderland by Lewis Carol
- Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig
- About Face - The Essentials of Interaction Design
- Here Comes Everybody: The Power of Organizing Without Organizations by Clay Shirky
- The Tao of Programming
- Computational Beauty of Nature
- Writing Solid Code by Steve Maguire
- Philip and Alex's Guide to Web Publishing
- Object-Oriented Analysis and Design with Applications by Grady Booch
- Effective Java by Joshua Bloch
- Computability by N. J. Cutland
- Masterminds of Programming
- The Tao Te Ching
- The Productive Programmer
- The Art of Deception by Kevin Mitnick
- The Career Programmer: Guerilla Tactics for an Imperfect World by Christopher Duncan
- Paradigms of Artificial Intelligence Programming: Case studies in Common Lisp
- Masters of Doom
- Pragmatic Unit Testing in C# with NUnit by Andy Hunt and Dave Thomas with Matt Hargett
- How To Solve It by George Polya
- The Alchemist by Paulo Coelho
- Smalltalk-80: The Language and its Implementation
- Writing Secure Code (2nd Edition) by Michael Howard
- Introduction to Functional Programming by Philip Wadler and Richard Bird
- No Bugs! by David Thielen
- Rework by Jason Freid and DHH
- JUnit in Action